The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 



- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 



3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-37 is/are pending in the application. 



Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [X] The drawing(s) filed on 17 November 2000 is/are: a) [X] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a) [ ] All b) [ ] Some * c) [ ] None of: 

1. [ ] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No. . 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Status 



1) [X] Responsive to communication(s) filed on 17 November 2000. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 



4a) Of the above claim(s) is/are withdrawn from consideration. 



5) [ ] Claim(s) is/are allowed. 

6) [X] Claim(s) 1-7, 12-17, 19-21, 24-33, 35 and 37 is/are rejected. 

7) [X] Claim(s) 8-11, 18, 22, 23, 34 and 36 is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 



Attachment(s) 

1) [X] Notice of References Cited (PTO-892) 

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) [X] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 




Paper No(s)/Mail Date. 



Paper No(s)/Mail Date 2. 



5) [ ] Notice of Informal Patent Application (PTO-152) 

6) [ ] Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 3 
DETAILED ACTION 

1. The IDS of 11/17/00 has been received and considered. 

2. Claims 1-37 are pending. 



Claim Rejections - 35 USC § 101 



3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

4. Claims 1-25 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. Claim 1 presents a method of issuing certificates; the claim 
language is related to a mathematical operation not tangibly embodied. Claim 16 presents an 
apparatus performing the method of claim 1. Claim 16 appears to be directed towards a 
computer program per se. Claims 2-15 & 17-25 are rejected based on their dependence upon 
claims 1 & 16, respectively. 

5. To expedite a complete examination of the instant application, the claims rejected under 
35 U.S.C. 101 (nonstatutory) above are further rejected as set forth below in anticipation of the 
applicant amending these claims to place them within the four statutory classes of invention. 



Claim Rejections - 35 USC § 112 



6. The following is a quotation of the second paragraph of 35 U.S.C. 112: 



The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

7. Claim 6 recites the limitation "the plurality of cross certificates" in line 1. There is 
insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC §103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

9. Claims 1-7, 12-13, 16-17, 19-21, 24-33, 35 & 37 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over "An Introduction to Cryptography" by Network Associates, Inc. (NAI) in 
view of Handbook of Applied Cryptography by Menezes et al. (Menezes). 

Regarding claims 1, 16 & 30, NAI discloses collecting at least one certificate associated 
with an anchor certificate issuing unit/home user (page 33, ¶1-2) and obtaining at least one (one) 
certificate issuing unit/(user validated by trusted introducer Alice) public key and an associated 
unique identifier (certificate) (page 33, ¶2) for a certified certificate issuing unit/Alice identified 
by the at least one certificate (validated Alice's key/certificate), and creating a signed certificate 
set/keyring (page 33, ¶1, page 18, ¶3 & page 28, ¶2) identifying the certificate issuing 
units/(users validated by trusted introducer Alice) determined to be trusted by the anchor 
certificate issuing unit/home user, based on the at least one certificate/Alice's certificate wherein 
the signed certificate set includes at least the unique identifier and the public key of each trusted 
certificate issuing unit/(users validated by trusted introducer Alice) (page 33, ¶1). NAI lacks a 
cross certificate. However, Menezes teaches that a cross-certificate is simply a certificate 
created by one certification authority, certifying the public key of another CA (§13.6.1, def. 
13.39). NAI discloses that in PGP, users act as certification authorities (page 32, ¶3). Therefore, 
it would have been obvious to one having ordinary skill in the art at the time the invention was 
made to obtain a cross-certificate and use the information in that rather than the certificate, as 
disclosed by NAI. One of ordinary skill in the art would have been motivated to perform such a 
modification because each user acts as a certificate authority (NAI, page 32, ¶3) and 
cross-certificates are used by one CA to certify another, as taught by Menezes (§13.6.1, def. 13.39). 

Regarding claims 2, 27 & 31, NAI, as modified above, discloses generating a signed 
certificate set revocation list/certificate revocation list containing at least an identifier of at least 
one signed certificate set that has been revoked (page 34). 

Regarding claim 3, NAI, as modified above, lacks specifically obtaining cross certificates 
by obtaining chained cross certificates from a plurality of certificate issuing units. However, 
NAI teaches that if a direct trust path is not found, a path of chained certificates can be followed 
to establish a trust relationship between entities (page 31, ¶1). Therefore, it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to obtain cross 
certificates by obtaining chained cross certificates from a plurality of certificate issuing units. 
One of ordinary skill in the art would have been motivated to perform such a modification to 
establish a trust relationship where a direct trust path did not exist, as taught by NAI (page 31, 
¶1). 

Regarding claims 4, 19, 28 & 32, as modified above and as best understood, NAI 
discloses publishing the signed certificate set of certificate issuing units certificates/CRL, 
accessible by a plurality of different clients (page 28, ¶2 & page 34, ¶5). 

Regarding claims 5 & 37, as modified above, NAI discloses publishing the signed 
certificate set of certificate issuing units certificates/CRL accessible by a plurality of different 
clients (page 28, ¶2 & page 34, ¶5) and distributing the signed certificate/CRL set to client 
units/users (page 34, ¶5-6). Note that publishing a set of certificates, each containing an 
identifier, is substantially equivalent to publishing a certificate-issuing unit. 

Regarding claims 6 & 20, NAI, as modified above, discloses collecting cross certificates 
from a data repository/keyring associated with the anchor CA/the user (page 33, ¶2). 

Regarding claims 7, 21 & 33, NAI, as modified above, discloses that the signed 
certificate set of certificate issuing units/keyring is digitally signed (page 18, ¶3), which 
inherently provides a trusted cross certificate (page 28, ¶1-4 & page 68) (a user A's signature on 
another user B's certificate indicates trust - a user C who trusts A will then trust B) (page 28). 

Regarding claims 12, 24, 29 & 35, NAI, as modified above, discloses creating a plurality 
of signed certificate sets/keyrings on a per anchor certificate issuing unit/user basis (page 18, ¶3) 
where each signed certificate set contains at least: a list of unique identifiers and associated 
public keys (page 21) of each certificate issuing unit trusted by an anchor certificate issuing 
unit/user (page 33, ¶1-2), and publishing each signed certificate set/public keyring wherein each 
published signed certificate set is accessible by a plurality of different client units/users (page 28, 
¶2 & page 18, ¶3). 

Regarding claims 13 & 25, NAI, as modified above, discloses validating a digital 
signature on each cross certificate (Alice) and including only validated certificate issuing 
units/CAs that have valid certificates (validated certificate appears on your (user's) keyring) (page 
33, ¶1-2). 

Regarding claim 17, NAI discloses the signed certificate set/keyring generator/user 
generating and publishing a signed certificate set revocation list/CRL containing at least an 
identifier (certificate) of at least one signed certificate set that has been revoked (page 34). 

Regarding claim 26, NAI discloses a signed certificate set/keyring generator/user 
collecting at least one certificate associated with an anchor certificate issuing unit/home user 
(page 33, ¶1-2) and obtaining at least one (one) certificate issuing unit/(user validated by trusted 
introducer Alice) public key and an associated unique identifier (certificate) (page 33, ¶2) for a 
certified certificate issuing unit/Alice identified by the at least one certificate (validated Alice's 
key/certificate), and creating a signed certificate set/keyring (page 33, ¶1, page 18, ¶3 & page 28, 
¶2) identifying the certificate issuing units/(users validated by trusted introducer Alice) 
determined to be trusted by the anchor certificate issuing unit/home user, based on the at least 
one certificate/Alice's certificate wherein the signed certificate set includes at least the unique 
identifier and the public key of each trusted certificate issuing unit/(users validated by trusted 
introducer Alice) (page 33, ¶1). NAI further discloses at least one client unit/user in operative 
communication with the signed certificate set generator/user operative to access the signed 
certificate set/keyring to determine whether a received message is from a trusted source based on 
the signed certificate set/keyring (page 28, ¶2). NAI lacks a cross certificate. However, 
Menezes teaches that a cross-certificate is simply a certificate created by one certification 
authority, certifying the public key of another CA (§13.6.1, def. 13.39). NAI discloses that in 
PGP, users act as certification authorities (page 32, ¶3). Therefore, it would have been obvious 
to one having ordinary skill in the art at the time the invention was made to obtain a 
cross-certificate and use the information in that rather than the certificate, as disclosed by NAI. One of 
ordinary skill in the art would have been motivated to perform such a modification because each 
user acts as a certificate authority (NAI, page 32, ¶3) and cross-certificates are used by one CA 
to certify another, as taught by Menezes (§13.6.1, def. 13.39). 

10. Claim 14 is rejected under 35 U.S.C. 103(a) as being unpatentable over NAI in view of 
Menezes, as applied to claim 1 above, in further view of U.S. Patent 6,321,333 to Murray. NAI, 
as modified above, discloses validating an end-entity/user certificate using the public key of the 
certificate issuing authority/CA associated with the certificate (page 30, ^\) and discloses that to 
verify a user without previous contact, one can use the trust relationship already established with 
the user's CA (pages 30-32), but lacks caching a copy of the signed certificate set/keyring and 
validating an end-entity certificate by seeing if the certificate issuing entity/CA associated with 
the end-entity is on the cached signed certificate set/keyring and using the public key of that 
certificate issuing entity to validate the end-entity certificate. However, Murray teaches that 
certificate validation is more efficient when a certificate cache is employed where the user first 
checks to see if the certificate presented is in the cache and determines that it is valid if it is in 
the cache (col. 2, lines 13-34). Therefore, it would have been obvious to one having ordinary 
skill in the art at the time the invention was made to employ a certificate cache to cache the 
keyring/certificate set to validate that the end-entity's CA's certificate is in the cache. One of 
ordinary skill in the art would have been motivated to perform such a modification to increase 
efficiency, as taught by Murray (col. 2, lines 13-34). 

11. Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over NAI in view of 
Menezes, as applied to claim 1 above, in further view of "Federal Bridge CA Concept" by Burr, 
5/4/2000. NAI, as modified above, lacks applying policy constraints including placing 
identifiers of those policy constraints in the signed set/keyring. However, Burr teaches that 
certificate policies enable a user to describe a level of assurance to a certificate and intended uses 
of the certificate (page 32). Therefore, it would have been obvious to one having ordinary skill 
in the art at the time the invention was made to apply policy constraints including placing 
identifiers/levels of assurance in the signed set/keyring. One of ordinary skill in the art would 
have been motivated to perform such a modification to describe a level of assurance a user has in 
the keyring and to assert an intended use, as taught by Burr (page 32). 

Allowable Subject Matter 

12. Claims 34 & 36 are objected to as being dependent upon a rejected base claim, but are 
believed to be allowable if rewritten in independent form including all of the limitations of the 
base claim and any intervening claims. 

Conclusion 

13. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. The '050 and '093 patent references are cited for teaching certificate caching and 
multiple key rings, respectively. 

b. The Gunter reference is cited for teaching certificate management through 
policies. 

c. The Shimaoka reference is cited for teaching issues associated with multi-domain 
PKI and path validation. 

d. The Polk reference is cited for teaching linking disparate PKIs. 

e. PGP 2.6.2 User's Guide Volume I: Essential Topics (Zimmermann) is cited for 
teaching general practices associated with PGP. 

f. The Stillson reference is cited for teaching pre-caching of certificates/certificate 
spider/pre-caching of paths/trust spider. 



14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Simitoski whose telephone number is (703)305-8191. 
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. - 4:15 p.m. The 
examiner can also be reached on alternate Fridays from 6:45 a.m.-3:15 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (703)308-4789. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
Washington, DC 20231 
Or faxed to: 

(703)746-7239 (for formal communications intended for entry) 

Or: 

(703)746-7240 (for informal or draft communications, please label "PROPOSED" 
or "DRAFT") 

Hand-delivered responses should be brought to Crystal Park II, 2121 Crystal Drive, 
Arlington, VA 22202, Fourth Floor (Receptionist). 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (703) 305-9000. 

15. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 





April 27, 2004 



